"The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."

I did read someone else suggesting that and at the time I didn't take their suggestion all that serious because of the disruption it could cause. But thinking about it again, it's probably a good long term goal.

And with that, I think you're probably right that the best solution is at the name server end rather than trying to patch all the edge routers.